Skip to content
Snippets Groups Projects
Normal view Permalink
main.yml 1.2 KiB
Newer Older
  • Learn to ignore specific revisions
    • Kristian Klausen's avatar
    Add GeoIP domain for our sponsored mirros
    Kristian Klausen committed
    1 2 3 4 5 6 7 8 9 10 
    - name: install powerdns and geoip
  pacman: name=powerdns,libmaxminddb,geoip,yaml-cpp state=present

- name: install PowerDNS configuration
  template: src={{ item.src }} dest=/etc/powerdns/{{ item.dest }} owner=root group=root mode=0644
  loop:
    - {src: pdns.conf.j2, dest: pdns.conf}
    - {src: geo.yml.j2, dest: geo.yml}
  notify: restart powerdns
    Evangelos Foutras's avatar
    geo_dns: add geoipupdate.service drop-in to reload  
    Evangelos Foutras committed
    11 12 13 14 15 16 
    - name: create drop-in directory for geoipupdate
  file: path=/etc/systemd/system/geoipupdate.service.d state=directory owner=root group=root mode=0755

- name: install drop-in snippet for geoipupdate
  copy: src=geoipupdate-pdns-reload.conf dest=/etc/systemd/system/geoipupdate.service.d/pdns-reload.conf owner=root group=root mode=0644
    Kristian Klausen's avatar
    Add GeoIP domain for our sponsored mirros
    Kristian Klausen committed
    17 18 19 20 21 22 
    - name: open powerdns ipv4 port for monitoring.archlinux.org
  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
    rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8081 accept"
  tags:
    - firewall
    Kristian Klausen's avatar
    geomirror: Add missing "open firewall hole" task  
    Kristian Klausen committed
    23 24 25 
    - name: open firewall hole
  ansible.posix.firewalld: service=dns permanent=true state=enabled immediate=yes
    Kristian Klausen's avatar
    Add GeoIP domain for our sponsored mirros
    Kristian Klausen committed
    26 27 
    - name: start and enable powerdns
  systemd: name=pdns.service enabled=yes daemon_reload=yes state=started